diff --git a/TODO b/TODO
index 9c0e883594..bfeb946997 100644
--- a/TODO
+++ b/TODO
@@ -89,6 +89,13 @@ Features:
   (which has benefits, given SecureBoot and kernel cmdline are not necessarily
   friends.)
 
+* mirroring this: maybe support binding to AV_VSOCK in Type=notify services,
+  then passing $NOTIFY_SOCKET and $NOTIFY_GUESTCID with PID1's cid (typically
+  fixed to "2", i.e. the official host cid) and the expected guest cid, for the
+  two sides of the channe. The latter env var could then be used in an
+  appropriate qemu cmdline. That way qemu payloads could talk sd_notify()
+  directly to host service manager.
+
 * maybe write a tool that binds an AF_VFSOCK socket, then invokes qemu,
   extending the command line to enable vsock on the VM, and using fw_cfg to
   configure socket address.